[QILIN] – Ransomware Victim: Gericke AG

NOTE: No files or stolen information are exfiltrated, downloaded, taken, hosted, seen, reposted, or disclosed by RedPacket Security. Any legal issues relating to the content should be directed at the attackers, not RedPacket Security. This blog is an editorial notice informing that a company has fallen victim to a ransomware attack. RedPacket Security is not affiliated with any ransomware threat actors or groups and will not host infringing content. The information on this page is automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.

Ransomware group: QILIN
Victim name: GERICKE AG

AI Generated Summary of the Ransomware Leak Page

Gericke AG, a Swiss manufacturing company with a long history of designing and producing equipment and systems for bulk material processing, is identified as the victim on a ransomware leak post attributed to the group behind the incident. The leak page presents the event as a data breach and features a gallery of 13 image assets that appear to be internal documents or materials; their exact contents are not described in the excerpt. The post emphasizes Gericke AG’s global footprint and workforce, noting a presence across multiple countries and a sizeable professional staff. In addition to the image gallery, the page references an onion-hosted data repository and includes metadata items such as a TOX code and an FTP-like data path, signaling exfiltration channels. A claim URL indicator is shown in the metadata, suggesting there is a claim link associated with the post, though no direct link is provided in the public text. Taken together, the post profiles Gericke AG as a long-standing manufacturing victim with visible internal materials, consistent with ransomware leak posts.

Regarding timing and potential impact, the record lists a key date of 2025-10-23, which is to be treated as the post date since the data does not provide an explicit compromised date. The impact is not labeled in the excerpt, and there is no stated ransom amount or demand. The leak page’s 13 images are likely snapshots of internal documents or materials, offered to illustrate the breach while their contents are not described in detail. The metadata includes references to an onion URL (defanged in the record) and an FTP-like credential note, which together imply exfiltration channels and potential access to stolen data outside the victim’s environment. Overall, the post presents a data-leak scenario rather than a straightforward encryption event, with Gericke AG named as the victim and the attached images and data references serving to corroborate the claim of exfiltration.
